<HTML>
<HEAD>
<TITLE>I have recently found a really easy way to get Admin rights on an NT</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<CENTER><H2>Getting Admin rights</H2></CENTER><HR>
<FONT FACE="Arial" SIZE=2><P>I have recently found a really easy way to get Admin rights on an NT</P>
<P>box....</P>
<P>so easy I'm surprised it wasn't discovered earlier.</P>
<P>&nbsp;</P>
<P>Here we go:</P>
<P>&nbsp;</P>
<P>A plain old user has write access to the winnt\system32 directory.</P>
<P>He renames logon.scr to logon.old.</P>
<P>He then renames usrmgr.exe (or musrmgr.exe on Workstations) to logon.scr.</P>
<P>He then shuts down the computer using the "close all programs and log on as</P>
<P>different user" option.</P>
<P>He then waits.....</P>
<P>The system will start logon.scr if left long enough.</P>
<P>User Manager will load......</P>
<P>The user then selects his domain. (You have to type the domain name in)</P>
<P>He then adds himself to the Administrators group.</P>
<P>He then exits and logs back on.</P>
<P>&nbsp;</P>
<P>Some of you may be thinking that as soon as you move the mouse the "screen</P>
<P>saver" should disappear but because you can only get rid of logon.scr with</P>
<P>a ctrl+alt+del you can then use the mouse 'til your heart's content.</P>
<P>&nbsp;</P>
<P>To solve this :</P>
<P>Ensure that a plain old user only has "read" rights to the winnt\system32</P>
<P>directory.</P>
<P>Also make sure that the registry has the correct permissions assigned so</P>
<P>the user can specify a different  location etc for logon.scr.</P>
<P>&nbsp;</P>
</FONT><FONT SIZE=2><P>&nbsp;</P></FONT></BODY>
</HTML>